DevOps and cybersecurity are both top priorities for many enterprises, as well as areas that have experienced considerable innovation recently. And even though these are two very different sides of IT, there are lessons to be learned between the two. Both areas are in the midst of major transitions. For application development the shift is from slow, monolithic releases to fast and responsive development cycles. For cybersecurity the shift is from the old perimeter block/allow enforcement model to more adaptive security that continuously looks for threats across the enterprise.
Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.
True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN-- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied with real life examples.
Noise. Noise. Noise. Our world is noisy. It's all over the place. Visual noise, physical noise. And then there is the noise which bothers analysts in the security industry. I am referring to the security signal to noise ratio that is only growing and growing because of the evolving techniques, various data sources and the unknown threats that we all want to catch (or is it afraid to miss?). In fact, the elephant has left the room and is now visible to all.
In a recent article I wrote for ITSP Magazine, I discussed one of the prominent challenges that enterprises are facing today: the IT Security talent shortage. CISOs want to fill their security team bench with specialized engineers. The problem is, they aren’t readily available. In this post, I will share some of the highlights from the article and talk more about how to optimize skill development so we can grow the talent base for IT Security pros.
The macro trend for IT security professionals is shifting. The security risk of insider threats is real and has become of equal importance to organizations. Insider threats take many forms - from employees bending the rules to get their jobs done more efficiently, to unhappy employees with malicious intent, to workers who unintentionally install malware, and even 3rd party vendors or partners that don’t follow security policies.
In this final blog of the series “A Closer Look Inside UEBA: Top 5 FAQs,” we’re going to discuss what it takes to manage UEBA and how it can make security teams much more efficient and less overwhelmed.
There is a lot of noise in the cybersecurity space with every company trying to differentiate itself by claiming to be the “next big thing”, but so few have risen to the top. And the security market has changed a lot in the past couple years. As a venture capitalist, I often get asked about how I see the market changing and how we cut through the noise to find and fund companies that are doing something truly unique and innovative and that really solves customer problems.
As Benjamin Franklin once said “An ounce of prevention is worth a pound of cure.” As Enterprises continue to build out and reinforce their IT security strategy, a keen eye is being put toward “preventative” solutions. With the rise in insider threats and compromised credentials, this is no surprise.
In Enterprise security organizations decisions are often made without looking at the big picture. Putting together a security strategy is hard. And sometimes it’s impossible to fully understand the different features and advantages different security solutions provide versus what the organization really needs. Current trends, rumours, lack of security skills or the need to feel secure might have an impact on these decisions. Without a comprehensive knowledge of security--like good attackers or good security researchers often have--an organization can leave themselves exposed.